​October is Cyber Security Awareness Month, but securing the nation’s energy grid is the electric power industry’s top priority all year long. Electric companies proactively safeguard the energy grid and partner with federal agencies to enhance sector-wide resilience to cyber and physical security threats.

With continued investment in grid security measures, enhanced mutual assistance networks, and partnerships with the government, electric companies remain committed to securing the energy grid in the face of evolving threats. The industry has forged a strong partnership with the government through the Electricity Subsector Coordinating Council (ESCC) to prepare for, and respond to, national-level incidents or threats to critical infrastructure. EEI also continues to work with industry leaders, the North American Electric Reliability Corporation (NERC), and the Federal Energy Regulatory Commission (FERC) on critical infrastructure standards for cyber and physical security to protect critical assets of the bulk power system.

The industry shares actionable information through the Electricity Information Sharing and Analysis Center (E-ISAC). The E-ISAC also manages the Cybersecurity Risk Information Sharing Program (CRISP), a public-private partnership co-funded by the Department of Energy (DOE) and the industry, that facilitates timely bi-directional sharing of actionable unclassified and classified threat information, using advanced collection, analysis, and dissemination tools to identify threat patterns and trends across the electric power industry.

This summer, the ESCC worked closely with the DOE and the Department of Homeland Security to inform key portions of the cybersecurity executive order that President Trump signed in May. As part of this effort, the industry contributed to a major report required by the order assessing the nation’s capability to respond to a major power disruption. The ESCC also developed and exercised the cyber mutual assistance (CMA) program to aid electric and natural gas companies in restoring necessary computer systems in the event of a cyber incident. The CMA program provides surge capacity should a cyber incident exceed the capacity for an individual company to respond, and now includes more than 125 companies that serve more than 80 percent of U.S. customers.

Finally, the industry is making final preparations for its sector-wide exercise in November, known as GridEx. NERC’s GridEx series brings together hundreds of organizations and thousands of participants from industry, government agencies, and partners in Canada and Mexico to improve how industry and government protect the grid and respond to incidents and threats.